apologies, forgot this.
OTL logfile created on: 24/02/2014 11:41:14 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = Y:\
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.98 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 58.73% Memory free
5.96 Gb Paging File | 3.77 Gb Available in Paging File | 63.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 30.23 Gb Total Space | 4.30 Gb Free Space | 14.21% Space Free | Partition Type: NTFS
Drive D: | 267.75 Gb Total Space | 215.07 Gb Free Space | 80.32% Space Free | Partition Type: NTFS
Drive I: | 968.04 Mb Total Space | 595.43 Mb Free Space | 61.51% Space Free | Partition Type: FAT32
Drive Y: | 123.75 Mb Total Space | 34.43 Mb Free Space | 27.82% Space Free | Partition Type: FAT
Computer Name: G002065 | User Name: bryan.o'donovan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2014/02/24 11:40:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- Y:\OTL.exe
PRC - [2014/02/01 23:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/01/14 14:06:52 | 000,058,192 | ---- | M] () -- C:\Program Files\Web Connection\Y800_EE\BackgroundService\ServiceManager.exe
PRC - [2012/12/14 15:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 15:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 15:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/21 04:00:00 | 001,090,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\CCM\CcmExec.exe
PRC - [2012/11/21 04:00:00 | 000,641,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\CCM\SCNotification.exe
PRC - [2012/11/21 04:00:00 | 000,470,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\CCM\RemCtrl\CmRcService.exe
PRC - [2012/09/29 14:36:46 | 000,125,504 | ---- | M] () -- C:\Program Files\Web Connection\Y800_EE\BackgroundService\ModemListener.exe
PRC - [2012/08/17 16:55:38 | 005,796,440 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe
PRC - [2012/08/17 16:48:46 | 000,120,832 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvMon.exe
PRC - [2012/08/17 16:48:44 | 000,019,456 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
PRC - [2012/08/17 16:48:16 | 000,135,168 | ---- | M] (Clarus, Inc.) -- C:\Program Files\Clarus\Samsung Drive Manager\ABRTMon.exe
PRC - [2012/04/23 17:23:28 | 000,104,208 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
PRC - [2012/04/10 14:46:40 | 000,232,472 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012/03/15 07:09:14 | 000,509,448 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
PRC - [2012/01/31 09:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2012/01/06 10:06:30 | 000,130,072 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe
PRC - [2012/01/06 10:06:21 | 000,052,248 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe
PRC - [2012/01/06 10:05:40 | 000,806,912 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
PRC - [2012/01/06 10:05:38 | 000,282,624 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2012/01/06 09:56:33 | 000,167,960 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011/07/27 21:23:07 | 000,494,616 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2011/03/14 15:27:28 | 000,271,712 | ---- | M] () -- D:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2011/03/14 15:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- D:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/06 07:39:36 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/02/06 07:39:06 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/01/28 14:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011/01/28 14:24:56 | 000,299,576 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
PRC - [2011/01/26 17:00:32 | 000,283,160 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/26 17:00:00 | 000,013,336 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/21 18:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vcsFPService.exe
PRC - [2011/01/17 09:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/01/17 09:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/11 09:57:16 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/20 21:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/17 17:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/24 14:42:10 | 000,599,328 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/12/03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/11/11 13:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/09/04 11:43:40 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/09/04 11:43:38 | 002,360,608 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/09/04 11:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/14 01:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2008/11/13 16:24:36 | 000,214,016 | ---- | M] (Numara Software, Inc.) -- C:\Windows\TIREMOTE\TIRemoteService.exe
PRC - [2008/11/13 16:24:36 | 000,166,912 | ---- | M] (Numara Software, Inc.) -- C:\Windows\TIREMOTE\TIServiceMonitor.exe
========== Modules (No Company Name) ========== MOD - [2014/02/10 12:30:06 | 000,909,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SCNotification\eeb7790c92c2f90ab0d7655ef50d8f1d\SCNotification.ni.exe
MOD - [2014/02/10 12:30:05 | 000,487,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient.Data\82b6b6c116e3220c6e8a2925d77fcc36\SCClient.Data.ni.dll
MOD - [2014/02/10 12:30:05 | 000,445,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient.Common\4c0b662833a88626dea579f09b126ed8\SCClient.Common.ni.dll
MOD - [2014/02/01 23:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014/02/01 23:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014/02/01 23:41:45 | 000,715,592 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
MOD - [2014/02/01 23:41:45 | 000,100,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\libegl.dll
MOD - [2014/02/01 23:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/09/29 14:36:46 | 000,125,504 | ---- | M] () -- C:\Program Files\Web Connection\Y800_EE\BackgroundService\ModemListener.exe
MOD - [2012/08/08 11:31:21 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\af6e0dd358a5edc094dca9e7957f1038\WindowsFormsIntegration.ni.dll
MOD - [2012/08/08 11:30:07 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012/08/08 11:29:19 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
MOD - [2012/08/08 11:29:19 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\83fe46ae33b8fd827015387fb6efcd13\IAStorUtil.ni.dll
MOD - [2012/08/08 11:29:19 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll
MOD - [2012/08/08 11:18:19 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/08/08 11:18:12 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012/08/08 11:18:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/08/08 11:17:56 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/08/08 11:17:45 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/08/08 11:17:39 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/08/08 11:17:36 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/08/08 11:17:23 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/08/08 11:17:20 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/08/08 11:17:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/08/08 11:17:16 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/08/08 11:17:12 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012/07/16 08:44:41 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\eef171dee81858018c3956485fff7ba7\System.Management.ni.dll
MOD - [2012/07/16 08:43:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\66df2eefe4c9863dce8aa401bb67eaf6\System.Runtime.Remoting.ni.dll
MOD - [2012/07/16 08:43:18 | 001,838,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\7a3431124b8ded91068710226c0a00d4\Microsoft.VisualBasic.ni.dll
MOD - [2012/07/16 08:43:08 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b9942cb07813f553f6d6374dd4541362\System.Xaml.ni.dll
MOD - [2012/07/15 12:07:51 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bd3685e578c22d17625390d847973de0\PresentationFramework.ni.dll
MOD - [2012/07/15 12:07:41 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\008fbb2e42b3c2569ff58d651575ff29\PresentationCore.ni.dll
MOD - [2012/07/15 12:07:38 | 013,138,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\33eae86e0a5d9bcc4d0e4e469e2ac36a\System.Windows.Forms.ni.dll
MOD - [2012/07/15 12:07:35 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b7409080f31b0a702281b68c37bac326\System.Core.ni.dll
MOD - [2012/07/15 12:07:34 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6757251401cd9c17d5e608db6e5f964a\System.Configuration.ni.dll
MOD - [2012/07/15 12:07:33 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\68345d6b57fe33c9a94fe6a72ab5e85e\System.Xml.ni.dll
MOD - [2012/07/15 12:07:31 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\c0c7b3ff43f1b29cad7dde24bdbd5b79\WindowsBase.ni.dll
MOD - [2012/07/15 12:07:29 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2c958d61dd28474ec780db9d18d266ae\System.Drawing.ni.dll
MOD - [2012/07/15 12:07:28 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\57e066d0b97757dbd26d59302c3d701a\System.ni.dll
MOD - [2012/07/15 12:07:23 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e5b31f3bb6508df0dc7c20ddc72f3191\mscorlib.ni.dll
MOD - [2011/10/05 02:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/08/19 09:31:18 | 000,092,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
MOD - [2011/08/19 09:31:18 | 000,076,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
MOD - [2011/02/11 15:26:34 | 000,098,304 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2011/02/11 15:26:34 | 000,024,576 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
MOD - [2011/02/06 12:34:00 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2009/09/04 11:43:54 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/07/14 01:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2008/10/26 04:42:14 | 000,065,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2006/10/27 14:35:18 | 000,436,512 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/04/18 19:22:03 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/01/14 14:06:52 | 000,058,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Connection\Y800_EE\BackgroundService\ServiceManager.exe -- (EE WAFER Modem Device Helper)
SRV - [2012/12/14 15:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 15:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/21 04:00:00 | 001,090,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\CcmExec.exe -- (CcmExec)
SRV - [2012/11/21 04:00:00 | 000,470,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\RemCtrl\CmRcService.exe -- (CmRcService)
SRV - [2012/11/21 04:00:00 | 000,275,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\CCM\TSManager.exe -- (smstsmgr)
SRV - [2012/08/17 16:48:44 | 000,019,456 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe -- (SZDrvSvc)
SRV - [2012/08/02 12:24:36 | 000,048,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lppsvc)
SRV - [2012/08/02 12:24:36 | 000,048,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Policy Platform\policyHost.exe -- (lpasvc)
SRV - [2012/04/23 17:23:28 | 000,104,208 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012/04/10 14:46:40 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/03/15 07:09:14 | 000,509,448 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2012/01/31 09:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2012/01/06 10:06:30 | 000,130,072 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFManager.exe -- (Sophos Client Firewall Manager)
SRV - [2012/01/06 10:06:21 | 000,052,248 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Client Firewall\SCFService.exe -- (Sophos Client Firewall)
SRV - [2012/01/06 10:05:40 | 000,806,912 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2012/01/06 10:05:38 | 000,282,624 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2012/01/06 09:56:33 | 000,167,960 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2012/01/06 09:56:33 | 000,099,864 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011/10/13 16:11:55 | 000,552,472 | ---- | M] (Sophos Limited) [On_Demand | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\sdcservice.exe -- (Sophos Device Control Service)
SRV - [2011/05/05 14:12:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/03/14 15:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- D:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2011/02/06 07:39:06 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/01/28 14:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011/01/26 17:00:00 | 000,013,336 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/01/21 18:24:50 | 002,708,784 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2011/01/17 09:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/01/17 09:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/11 09:57:16 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2009/12/03 15:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/09/04 11:43:38 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/06/13 05:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/11/13 16:24:36 | 000,214,016 | ---- | M] (Numara Software, Inc.) [Auto | Running] -- C:\Windows\TIREMOTE\TIRemoteService.exe -- (TIRmtSvc)
========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbwwan.sys -- (ewusbmbb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2013/11/26 11:51:22 | 010,382,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwsn00.sys -- (NETwNs32)
DRV - [2013/10/25 02:32:08 | 000,139,776 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2plx86)
DRV - [2013/04/15 20:56:20 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/12/14 15:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/21 22:53:36 | 000,020,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PrepDrv.sys -- (prepdrvr)
DRV - [2012/06/21 13:57:52 | 000,089,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys -- (mvd23)
DRV - [2012/06/21 13:57:40 | 000,018,864 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys -- (mdf16)
DRV - [2012/04/16 09:21:55 | 000,123,680 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2012/03/15 06:02:18 | 000,143,360 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP)
DRV - [2012/03/15 06:02:18 | 000,143,360 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL)
DRV - [2012/01/06 10:06:33 | 000,044,024 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\scfndis.sys -- (scfndis)
DRV - [2012/01/06 10:06:29 | 000,086,520 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\scfdriver.sys -- (scfdriver)
DRV - [2012/01/06 09:56:23 | 000,024,312 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2012/01/06 09:56:20 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\drivers\skmscan.sys -- (SKMScan)
DRV - [2012/01/06 09:56:10 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2011/08/17 10:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/06/02 09:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/02/06 08:21:38 | 007,569,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/02/06 07:01:26 | 000,238,592 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/01/26 15:00:56 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011/01/26 15:00:56 | 000,026,168 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/01/13 16:55:42 | 000,238,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1c6232.sys -- (e1cexpress)
DRV - [2010/12/28 11:25:50 | 000,143,960 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2010/12/21 16:57:50 | 007,269,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32)
DRV - [2010/12/10 21:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/12/10 21:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010/12/02 16:02:56 | 000,021,560 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010/11/20 21:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 21:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 21:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 21:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 21:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/11/20 21:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 21:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 21:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 21:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/11/17 01:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/10/19 15:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2010/10/19 15:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2010/01/26 12:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2010/01/13 15:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/12/08 03:54:44 | 009,948,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/11/18 12:19:46 | 000,420,864 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/11/12 04:14:30 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/11/05 16:35:22 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009/10/28 16:55:00 | 000,047,616 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2009/10/26 13:39:00 | 000,048,640 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimspe86.sys -- (rimspci)
DRV - [2009/09/28 13:47:00 | 000,038,912 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdpe86.sys -- (rixdpcie)
DRV - [2009/09/17 18:04:28 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/07/20 14:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/07/14 00:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 00:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/06/25 15:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 15:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 15:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.co...g}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ========== FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\Programs\Office15\NPSPWRAP.DLL File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/05/09 09:43:27 | 000,000,000 | ---D | M]
[2013/04/04 08:50:41 | 000,000,000 | ---D | M] (No name found) -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\mozilla\Firefox\Profiles\590tipyt.default\extensions
[2013/04/04 08:50:42 | 000,000,000 | ---D | M] (No name found) -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\mozilla\Firefox\Profiles\590tipyt.default\extensions\staged
========== Chrome ========== CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = D:\Profiles\Bryan.O'Donovan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/04/15 20:40:02 | 000,001,805 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Programs\Office15\URLREDIR.DLL File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [EE WAFER ModemListener] C:\Program Files\Web Connection\Y800_EE\BackgroundService\ModemListener.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Track-It! Workstation Manager Service Monitor] C:\Windows\TIREMOTE\TIServiceMonitor.exe (Numara Software, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] "F:\Programs\DAEMON Tools Lite\DTLite.exe" -autorun File not found
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Samsung Drive Manager] C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe (Clarus, Inc.)
O4 - HKLM..\RunOnceEx: [ContentMerger] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = Security Notice (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Neoteris\Secure Application Manager\gapsp.dll (Neoteris)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - D:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Limited)
O13 - gopher Prefix: missing
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD}
https://www.rooms.hp...VCInstall35.cab (HPVirtualRooms35 Class)
O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A}
http://www.cartesian...X/CpcViewAX.cab (CPC View ax Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}
http://content.syste...el_4.5.13.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = internal.theclancygroup.co.uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB16AD76-A0F2-4AA3-8BD8-0E0B6883553E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - F:\Programs\Office15\MSOSB.DLL File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{07ac1be2-ed26-11e2-82ed-001e101ffa9e}\Shell - "" = AutoRun
O33 - MountPoints2\{07ac1be2-ed26-11e2-82ed-001e101ffa9e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{07ac1bf9-ed26-11e2-82ed-001e101ffa9e}\Shell - "" = AutoRun
O33 - MountPoints2\{07ac1bf9-ed26-11e2-82ed-001e101ffa9e}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{115d1674-ab2b-11e2-8f52-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{115d1674-ab2b-11e2-8f52-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1404d019-949b-11e3-a0c2-cc52af894394}\Shell - "" = AutoRun
O33 - MountPoints2\{1404d019-949b-11e3-a0c2-cc52af894394}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{14e23a59-1790-11e2-93e0-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{14e23a59-1790-11e2-93e0-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{14e23a70-1790-11e2-93e0-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{14e23a70-1790-11e2-93e0-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{14e23a9a-1790-11e2-93e0-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{14e23a9a-1790-11e2-93e0-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{14e23aa9-1790-11e2-93e0-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{14e23aa9-1790-11e2-93e0-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{14e23c7e-1790-11e2-93e0-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{14e23c7e-1790-11e2-93e0-001e101fb4df}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2042b448-7dcf-11e2-a24f-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{2042b448-7dcf-11e2-a24f-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2042b536-7dcf-11e2-a24f-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{2042b536-7dcf-11e2-a24f-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3732bf16-385d-11e1-9992-cc52af894394}\Shell - "" = AutoRun
O33 - MountPoints2\{3732bf16-385d-11e1-9992-cc52af894394}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe
O33 - MountPoints2\{3aba2a35-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2a35-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3aba2a49-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2a49-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3aba2b73-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2b73-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3aba2b90-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2b90-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3aba2b9c-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2b9c-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3aba2c45-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2c45-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3aba2c53-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2c53-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3aba2c6b-46c0-11e2-8358-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{3aba2c6b-46c0-11e2-8358-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{46c53b9f-406d-11e2-8de4-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{46c53b9f-406d-11e2-8de4-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{46c53bbc-406d-11e2-8de4-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{46c53bbc-406d-11e2-8de4-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a623fcf-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a623fcf-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a624030-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a624030-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a624097-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a624097-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a6240f9-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a6240f9-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a62410e-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a62410e-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{4a624151-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a624151-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a624173-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a624173-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{4a6242fd-6154-11e2-ba51-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{4a6242fd-6154-11e2-ba51-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{552a8e04-2684-11e3-a533-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{552a8e04-2684-11e3-a533-2c41380a89bb}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{7938713c-4cf8-11e1-84ac-cc52af894394}\Shell - "" = AutoRun
O33 - MountPoints2\{7938713c-4cf8-11e1-84ac-cc52af894394}\Shell\AutoRun\command - "" = F:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\{e62fe206-3afb-11e2-8e28-001e101fcab6}\Shell - "" = AutoRun
O33 - MountPoints2\{e62fe206-3afb-11e2-8e28-001e101fcab6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e62fe213-3afb-11e2-8e28-001e101fcab6}\Shell - "" = AutoRun
O33 - MountPoints2\{e62fe213-3afb-11e2-8e28-001e101fcab6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e62fe2f6-3afb-11e2-8e28-001e101fcab6}\Shell - "" = AutoRun
O33 - MountPoints2\{e62fe2f6-3afb-11e2-8e28-001e101fcab6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e62fe367-3afb-11e2-8e28-001e101fcab6}\Shell - "" = AutoRun
O33 - MountPoints2\{e62fe367-3afb-11e2-8e28-001e101fcab6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e9cce659-406e-11e2-a9de-a088b42d4938}\Shell - "" = AutoRun
O33 - MountPoints2\{e9cce659-406e-11e2-a9de-a088b42d4938}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e9cce665-406e-11e2-a9de-a088b42d4938}\Shell - "" = AutoRun
O33 - MountPoints2\{e9cce665-406e-11e2-a9de-a088b42d4938}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e9cce687-406e-11e2-a9de-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{e9cce687-406e-11e2-a9de-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ef26b5a0-2ce6-11e3-aecd-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{ef26b5a0-2ce6-11e3-aecd-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fef2476a-4067-11e2-ae5c-2c41380a89bb}\Shell - "" = AutoRun
O33 - MountPoints2\{fef2476a-4067-11e2-ae5c-2c41380a89bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ========== [2014/02/22 12:27:56 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2014/02/19 13:15:11 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2014/02/19 13:15:10 | 000,000,000 | ---D | C] -- D:\ProgramData\Spybot - Search & Destroy
[2014/02/19 13:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2014/02/18 17:31:17 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\AppData\Local\Avg2013
[2014/02/18 17:30:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/02/17 19:39:30 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\InstallShield
[2014/02/10 16:43:00 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\Documents\DO1005 - Twin Tracking - Permanent Way
[2014/02/10 12:29:01 | 000,000,000 | ---D | C] -- C:\Windows\ms
[2014/02/10 12:29:01 | 000,000,000 | ---D | C] -- C:\Windows\ccmcache
[2014/02/10 12:29:01 | 000,000,000 | ---D | C] -- C:\Windows\CCM
[2014/02/10 12:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Policy Platform
[2014/02/07 15:01:56 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Adobe
[2014/02/03 08:34:23 | 000,000,000 | ---D | C] -- C:\Windows\ccmsetup
[2014/01/28 12:52:06 | 000,000,000 | ---D | C] -- D:\Profiles\Bryan.O'Donovan\AppData\Local\Adobe
========== Files - Modified Within 30 Days ========== [2014/02/24 11:39:04 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/02/24 11:38:15 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/24 11:35:46 | 000,025,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/24 11:35:46 | 000,025,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/24 11:35:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/23 21:18:54 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/20 17:39:26 | 000,000,580 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2014/02/20 17:35:44 | 000,000,142 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/02/20 17:35:40 | 2402,045,952 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/20 14:02:40 | 000,669,430 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/20 14:02:40 | 000,126,928 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/18 12:49:40 | 001,457,880 | ---- | M] () -- D:\Profiles\Bryan.O'Donovan\Documents\PVEA3031-PLN-EST-C024-0201065 EPP.pdf
[2014/02/18 10:04:34 | 000,004,690 | ---- | M] () -- D:\Profiles\Bryan.O'Donovan\Documents\Document1.pdf
[2014/02/17 19:58:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2014/02/13 09:53:51 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\Audit 13.job
[2014/02/13 07:06:48 | 000,000,175 | ---- | M] () -- D:\Profiles\Bryan.O'Donovan\Desktop\Sharepoint - Proposals & Tenders.url
[2014/02/13 07:06:48 | 000,000,166 | ---- | M] () -- D:\Profiles\Bryan.O'Donovan\Desktop\Sharepoint - Business Support.url
[2014/02/13 07:06:45 | 000,045,223 | RHS- | M] () -- D:\ProgramData\ntuser.pol
[2014/02/10 12:29:31 | 000,000,704 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2014/02/10 12:29:26 | 000,004,764 | ---- | M] () -- C:\Windows\System32\CcmFramework.ini
[2014/02/10 12:29:26 | 000,000,621 | ---- | M] () -- C:\Windows\System32\CcmFramework.h
========== Files Created - No Company Name ========== [2014/02/18 17:16:24 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/02/18 12:49:37 | 001,457,880 | ---- | C] () -- D:\Profiles\Bryan.O'Donovan\Documents\PVEA3031-PLN-EST-C024-0201065 EPP.pdf
[2014/02/18 10:04:41 | 000,004,690 | ---- | C] () -- D:\Profiles\Bryan.O'Donovan\Documents\Document1.pdf
[2014/02/17 19:58:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2014/02/10 12:29:29 | 000,000,704 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2014/02/10 12:29:26 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini
[2014/02/10 12:29:26 | 000,000,621 | ---- | C] () -- C:\Windows\System32\CcmFramework.h
[2014/02/10 12:29:01 | 000,000,580 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2013/04/18 19:22:31 | 000,000,147 | ---- | C] () -- D:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/04/12 16:47:05 | 000,000,024 | ---- | C] () -- C:\Windows\WINTAB32.INI
[2013/04/12 16:32:09 | 000,000,249 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/12/30 16:14:34 | 000,018,944 | ---- | C] () -- D:\Profiles\Bryan.O'Donovan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/10 09:38:35 | 000,000,302 | ---- | C] () -- C:\Windows\ricdb.ini
[2012/01/06 19:22:53 | 000,000,057 | ---- | C] () -- D:\ProgramData\Ament.ini
[2012/01/06 10:48:08 | 000,045,223 | RHS- | C] () -- D:\ProgramData\ntuser.pol
[2012/01/06 10:19:02 | 000,000,065 | -H-- | C] () -- D:\ProgramData\TrackitAudit.id
[2012/01/06 09:54:48 | 000,006,330 | RHS- | C] () -- D:\Profiles\Bryan.O'Donovan\ntuser.pol
========== ZeroAccess Check ========== [2013/03/25 19:02:04 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$7e107a650eacf5dc0fb1a634583ad1e7\@
[2013/03/25 19:02:04 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$7e107a650eacf5dc0fb1a634583ad1e7\L
[2013/04/05 07:27:12 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$7e107a650eacf5dc0fb1a634583ad1e7\U
[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012/01/04 08:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 08:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2010/11/20 21:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ========== [2013/04/18 19:37:57 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Autodesk
[2013/09/12 11:15:37 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Bentley
[2013/04/15 20:58:44 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\DAEMON Tools Lite
[2012/12/07 15:57:07 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\GEO-SLOPE
[2011/05/09 10:25:15 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Neoteris
[2012/12/07 12:53:45 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Tatara Systems
[2012/10/16 12:53:38 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Telefónica
[2012/01/27 14:08:12 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\Temp
[2012/10/16 12:53:38 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\TGCMLog
[2013/04/04 20:46:26 | 000,000,000 | ---D | M] -- D:\Profiles\Bryan.O'Donovan\AppData\Roaming\TuneUp Software
========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 134 bytes -> D:\ProgramData\TEMP:BEC0D766
< End of report >